Re: loopback device
From: Craig Van Tassle (craig@ambrosa.dns04.com)Date: 01/17/02
- Previous message: Frank Murphy: "Proxy Firewalls as a security requirement"
- Maybe in reply to: Craig Van Tassle: "loopback device"
- Next in thread: Craig Van Tassle: "Re: loopback device"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 17 Jan 2002 14:18:12 -0600 From: Craig Van Tassle <craig@ambrosa.dns04.com> To: leon <leon@inyc.com>
Ok The port was a typeo. but do you think that my computer could be compromised or this could just be a mis-configuration on my computer or a atempt at a hack?How is it that my computer is catcheing this loopback traffic? could someone be bouncing off my computer or what?
Thanks
Craig
On Thu, Jan 17, 2002 at 02:11:15PM -0500, leon wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> What do you mean by what program is running on this port? I am not
> sure if you consider the loop back address a port as much as what it
> is (ie; a loopback address). I don't know if you can bind running
> process to the loopback addy. Even if you possibly could, an
> attacker never would because you would be unable to route traffic to
> it.
>
> HTH,
>
> Leon
>
> - -----Original Message-----
> From: Craig Van Tassle [mailto:craig@ambrosa.dns04.com]
> Sent: Tuesday, January 15, 2002 2:35 PM
> To: secuirty-basics
> Subject: Re: loopback device
>
> My loop back is supposed to be 127.0.0.1.. at least that is what my
> ifconfig shows me.. and i have no idea what program is running on
> that port.
> Do you think that i could have a possible intrusin?
>
> Thanks
> Craig
>
> On Tue, Jan 15, 2002 at 10:44:48AM -0800, Glenn Pitcher wrote:
> > No, you can't bypass the firewall using the loopback interface.
> > Whats interesting though is the IP address they're using... usually
> > loopback is 127.0.0.1 and the port number, 5460 isn't assigned to
> > anyone so what program is running?
> >
> > -----Original Message-----
> > From: Craig Van Tassle [mailto:craig@ambrosa.dns04.com]
> > Sent: Monday, January 14, 2002 8:48 AM
> > To: secuirty-basics
> > Subject: loopback device
> >
> >
> > Is it possible for someone over a network to use my loopback to by
> > pass my firewall? If so what can i do to mitigate the problem and
> > how damageing can it be?
> >
> > The reason im asking is my Snort sytem is showing badd loopback
> > traffic.. thanks
> >
> > here is a snipit from my snort logs.
> >
> > [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
> > [Classification: Potentially Bad Traffic] [Priority: 2]
> > 01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460
> > TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40
> > ******S* Seq: 0x3F4BB00A Ack: 0x0 Win: 0x200 TcpLen: 20
> >
> > Thanks
> > Craig
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBPEchztqAgf0xoaEuEQJ4TACfeH/voSSUxDHrssH2yxJzHMZwmBcAnAlF
> 0A9v/M5EMTD2QQeYsszeN2Dq
> =tCcQ
> -----END PGP SIGNATURE-----
>
- application/pgp-signature attachment: stored
- Previous message: Frank Murphy: "Proxy Firewalls as a security requirement"
- Maybe in reply to: Craig Van Tassle: "loopback device"
- Next in thread: Craig Van Tassle: "Re: loopback device"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
